OESA-2022-2084

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2084
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-2084.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-2084
Upstream
Published
2022-11-11T11:04:35Z
Modified
2025-08-12T05:04:14.469408Z
Summary
nodejs-fstream security update
Details

Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink, etc.

Security Fix(es):

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable. (CVE-2019-13173)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS / nodejs-fstream

Package

Name
nodejs-fstream
Purl
pkg:rpm/openEuler/nodejs-fstream&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.12-1.oe2203

Ecosystem specific

{
    "src": [
        "nodejs-fstream-1.0.12-1.oe2203.src.rpm"
    ],
    "noarch": [
        "nodejs-fstream-1.0.12-1.oe2203.noarch.rpm"
    ]
}